The use of biometric information for authentication purposes is increasing. Biometric readers, such as fingerprint readers, have been used for some time in authorizing a user's access to facilities or resources. More recently, some mobile phones are being provided with biometric readers for restricting access to certain, preregistered users.
Biometric authentication provides advantages in that it can be easier for users to provide biometric information in order to be authenticated than, for example, entering a user name and password.
However, unlike a username and password, biometric information cannot be changed and, once compromised, should not be reused. This may limit the application of biometric authentication severely as, for example, once a user's fingerprint registered with a biometric authentication service has been leaked to a fraudster, the registration of the fingerprint should be revoked and the compromised fingerprint should not be used for further authentication purposes.
This shortcoming of biometric authentication may be exacerbated by existing systems and methods which inadequately protect biometric information in biometric registration and biometric challenge stages.
There is accordingly a need for a biometric authentication system which addresses these and/or other problems, at least to some extent.
The preceding discussion of the background to the invention is intended only to facilitate an understanding of the present invention. It should be appreciated that the discussion is not an acknowledgment or admission that any of the material referred to was part of the common general knowledge in the art as at the priority date of the application.